e03105918ff5048ffb9b336493e9a068_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e03105918ff5048ffb9b336493e9a068_JaffaCakes118
Size

109KB
MD5

e03105918ff5048ffb9b336493e9a068
SHA1

90dba11d7d55ad751f3088e41ef14f6935db4b98
SHA256

c40cb04e170cf9cafce0a0fd26b983bb237fb284663d49ca17c1becc5149cfc9
SHA512

23bfe1a256588ba537f58b2b1fc15b50ef0d9f1f355f52e3e2c3e3d8d9e46b23c038533813a26aaa04c8ca857e0f693b48ec67a51b4abee426ee90ac852aaba2
SSDEEP

1536:RzNK46fiGP0Xr8F60sfRcBFrSAgFwvvcDEQiuTeQU4lWPezbJlk6Ba0X2hCkIOcN:Rzf1rY5sfRcXFLgxtU/PezbJFXlvYQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
e03105918ff5048ffb9b336493e9a068_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/MachineKey.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/$PLUGINSDIR/rc4hex.dll

Files

e03105918ff5048ffb9b336493e9a068_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9fef75ce47559cefd1415006c79bcd52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomW
LocalCompact
GetCommConfig
SetCriticalSectionSpinCount
SetCommTimeouts
GlobalHandle
VirtualQuery
PrivCopyFileExW
TerminateJobObject
GetConsoleHardwareState
UnlockFile
EnumUILanguagesW
GetThreadLocale
PrivCopyFileExW
GetCommandLineA
ExitProcess
GetStartupInfoA

user32

DrawTextExW
PrivateExtractIconsW
SetMenuItemInfoW
CreateDialogIndirectParamA
GetUserObjectSecurity
DrawMenuBarTemp
InSendMessage
MapWindowPoints
RegisterDeviceNotificationA
DdeQueryNextServer

gdi32

HT_Get8BPPMaskPalette
EngFreeModule
GetMapMode
GetTextExtentExPointI
GetCharWidth32A
EnableEUDC
PlgBlt
GdiCreateLocalMetaFilePict
GetMetaRgn
EngAlphaBlend
GetObjectA
GdiConvertPalette

Sections

.text
Size: 5KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MachineKey.dll
.dll windows:4 windows x86 arch:x86

373a46f2dac5b6d7b5b3f2780d9e54f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
GetVolumeInformationA
HeapAlloc
HeapFree
GetProcessHeap
lstrcpynA
GlobalAlloc
GlobalFree
lstrcpyA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
WriteFile
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

GetKey

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/rc4hex.dll
.dll windows:4 windows x86 arch:x86

f74b9bcddcae417b38b2c5be37034174

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

kernel32

FreeEnvironmentStringsW
GetSystemInfo
VirtualProtect
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrlenA
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InterlockedExchange
VirtualQuery
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

http_get
rc4hex_decode
rc4hex_encode

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fef75ce47559cefd1415006c79bcd52

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 5KB - Virtual size: 191KB

DATA Size: 36KB - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 3KB

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

373a46f2dac5b6d7b5b3f2780d9e54f0

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 4KB - Virtual size: 3KB

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 134B

f74b9bcddcae417b38b2c5be37034174

Headers

File Characteristics

Imports

wininet

kernel32

Exports

.text
Size: 5KB - Virtual size: 191KB

DATA
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB